Ten Security Essentials for the Networked Enterprise
The ideal information security environment is different depending on who you talk to. Your typical security engineer may say it must have firewalls, intrusion detection or any number of security focused technologies. Meanwhile a security tester may suggest that it is conducting penetration testing to provide assurances that security widgets are working well.
Tue, October 04, 2011
CSO — This article attempts to provide a usable checklist to ensure the foundation is in place for an organisation to be as secure as it can reasonably be, given that it operates in its own unique environment.
Information security cannot be prescribed in a single checklist that suits every organisation. It is about adopting the right measures and controls for a given entity at a given point in time. Threats change and vulnerabilities are introduced or removed, so security must evolve simply to keep pace.
Checklist Item 1: Appointing a security officer
Every organisation should appoint a security officer, even if the role is given to someone who already wears several hats. Larger organisations may establish a dedicated position, the chief security officer, who presides over a team of specialists covering the different areas of information security.
The security officer is the central point for managing proactive and reactive information security tasks. The day-to-day activities of the individuals working in the domain will depend on the size and focus of the organisation, but ultimately the security officer role should be accountable for the following:
Strategy -- identifying the security posture an organisation wishes to maintain and how this will be achieved.
Operations -- monitoring security alerts and managing security assets, for example intrusion detection, jump hosts, firewalls and scanning tools.
Architecture -- ensuring security is designed into the business's technology and processes.
Consultation -- advising projects or business units through requirements, reviews, recommendations and risk assessments.
Analysis -- researching products or specific technical issues to assist in the provisioning of technology or the remediation of vulnerabilities.
Testing -- providing security testing, such as penetration testing, for projects and rolling assurance exercises.
Emergency response -- responding to security incidents such as the compromise of information assets or the loss of service through a denial-of-service attack.
Programme management -- acting as the business sponsor for a rolling programme of security work.
Checklist Item 2: Security reporting
Reporting provides a "heartbeat" for information security across an organisation. It keeps the right people up to date on the latest incidents, threats and initiatives that influence the security posture, and ensures that those accountable for securing information assets are aware of the risks they have inherited and of the rigour of the controls that protect them.